RSA warns of NSA encryption sabotage

Weak formula

RSA has warned thousands of customers about using software that relies on a weak mathematical formula developed by the National Security Agency, the NIST encrypt standard.

RSA, the security arm of storage company EMC, told customers that a toolkit for developers had a default random number generator using the weak formula.

It is suggesting that customers should switch to one of several other formulas in the product.

The move follows a report in the New York Times which showed that among Snowden's cache of documents, the agency used its public participation setting voluntary cryptography standards to push for a formula it knew it could break.

The National Institute of Standards and Technology accepted the NSA proposal in 2006 as one of four systems acceptable for government use. The NSA said it would reconsider that inclusion in the wake of questions about its security.

Developers who used RSA's "BSAFE" kit wrote code for web browsers, other software, and hardware components to increase security.

At the centre of the system are random numbers and the ability to guess what they are renders those formulas vulnerable.

The NSA-promoted formula was so odd that even at the time some felt it was flawed by design.

Reuters claims that the NIST accepted it in part because many government agencies were already using it. However, now it has changed its mind and is calling for changes in the standard straight away.